July 19, 2023

Fighting Back Against Ransomware: A Guide to Prevention and Response


Ransomware has existed for quite some time, but it wasn't until the WannaCry attack back in May 2017 that the public became aware of its destructive potential. The attack impacted over 300,000 Windows computers across 150 countries, encrypting their data and demanding Bitcoin payments for decryption. Ransomware remains a lucrative endeavor, with no signs of slowing down. This blog post outlines best practices for preventing ransomware attacks and provides guidance on responding to an attack on your data.

Figure 1 - WannaCry Ransom Note
Figure 1 - WannaCry Ransom Note (Source: Bleeping Computer)


What is Ransomware?

Ransomware refers to a malicious software that restricts users' access to their own systems by encrypting their files and demanding a ransom payment for the decryption key. Typically, this payment is requested in Bitcoin or other cryptocurrencies that are challenging to trace. Cybercriminals usually impose a deadline for the ransom to be paid, and failure to comply may result in a doubling of the ransom or permanent loss of the files. Ransomware is an ever-present threat in today's digital landscape, and it's crucial to take the necessary precautions to safeguard against it.


Factors Contributing to the Rise of Ransomware

Several factors have contributed to the dramatic increase in ransomware attacks:



Mitigating Ransomware Attacks

The most effective strategy for combating ransomware is regularly backing up your crucial files. Advanced attacks can encrypt not only data files but also Windows restore points. Having a reliable backup and recovery plan is your best defense against ransomware attacks. In addition to regular backups, the following should be considered:


Responding to a Ransomware Attack

If you suspect that your network has been compromised by a ransomware attack, follow these steps:

1. Take a snapshot of your system and shut it down. The snapshot may aid in decryption and provide additional information about the attack. While some experts recommend quarantining infected computers, shutting down all machines may be a safer approach to prevent further spread.

2. Block remote desktop protocol (RDP) at the network level, and consider blocking all email attachments until you've identified the attack's source.

3. Assess the damage and determine the entry point. This is where your backups are crucial. Depending on the infected systems, revert to your backup plan and restore the affected data. Ensure that you have a reliable backup to get your systems up and running quickly.

4. If you don't have a backup, evaluate the value of the encrypted data and decide whether to consult a reputable cybersecurity professional or pay the ransom. While it may be tempting to pay a ransom demand to regain access to your files, it is important to understand that there is no guarantee that you will receive your files back. In fact, paying a ransom can actually increase your risk of being targeted again in the future. By paying a ransom, you are essentially funding the criminal enterprise behind the attack, which only serves to incentivize further attacks. Furthermore, there is no guarantee that the criminals will actually provide you with the encryption keys needed to unlock your files.


Prevent Ransomware and Backdoor Access with Nexusguard's Powerful WAF

Phishing remains the leading cause of cyber attacks and poses a significant threat to organizations, as it provides cybercriminals with an easy way to steal valuable data and distribute ransomware. Fortunately, Nexusguard offers powerful defenses to combat these threats. Our Application Protection (AP) service comprises a cloud-based web application firewall (WAF), which plays a pivotal role in blocking unwanted traffic from entering your site, preventing backdoor access and code manipulation. Nexusguard’s WAF is designed to meticulously scrutinize inbound requests to websites and applications, and employs the industry-leading practices outlined in the OWASP Top 10 framework to provide a formidable layer of protection. As a result, websites and applications are bolstered with an extra layer of security that effectively thwarts ransomware and other potential threats.


To learn more about how to increase the security of your websites and applications, please read about our Application Protection.

Get the latest cybersecurity news and expert insights direct to your inbox

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.